Re: SSID with client certificate authentication

I want to create an SSID with a client certificate authentication (certificate are installed on the computer machines).

Does any one know how can i make this with Aruba?

Please give me step by step all the needed configuration

An other question, do i need a Radius server or the controller can make this role?

Thank you all

1. Believe it or not, there is very little to configure on Aruba. The Aruba configuration is identical to using PEAP. The main differences is how the server is configured, how certificates are distributed and how clients are configured (no difference on the Aruba Controller). If you have a Microsoft Shop, they give detailed information in their lab guide here: http://www.microsoft.com/en-us/download/details.aspx?id=18161

2. You absolutely need a radius server. There is a way to do this using an Aruba Controller without a radius server but it is an advanced topic. You should look at the lab guide to ensure that you have all the pieces necessary and set it up with a Microsoft Radius Server first.

Re: SSID with client certificate authentication

‎10-11-201302:36 PM

Hi,

First thank you for the answer. I read the user guide or the aruba 6.2. It seems that the controller can work as a radius. I also see that i have to install CA certificate and server certificate on the controller. Do i need to this even if i use a radius?

You said that i don't have to made a lot of configuration on the controller but you didn't say what i have to do? Just an 802.1x SSID?

Re: SSID with client certificate authentication

‎10-11-201302:59 PM

Zakaria wrote:

Hi,

First thank you for the answer. I read the user guide or the aruba 6.2. It seems that the controller can work as a radius. I also see that i have to install CA certificate and server certificate on the controller. Do i need to this even if i use a radius? NO

You said that i don't have to made a lot of configuration on the controller but you didn't say what i have to do? Just an 802.1x SSID? Have you ever configured 802.1x on a controller before? If so, the configuration for EAP-PEAP and EAP-TLS is the same. If you have never done EAP-PEAP (If you don't have a radius server you probably have not), you should start with that first, because it is simpler to accomplish.

Re: SSID with client certificate authentication

‎10-14-201303:54 AM

Hi,

I have configured 802.1X using a NPS-Based authentication. The users are authenticated using their Active Directory Credentials. I have never create an SSID with certificate authentication that is why i asked the question

Re: SSID with client certificate authentication

‎10-14-201304:01 AM

Zakaria wrote:

Hi,

I have configured 802.1X using a NPS-Based authentication. The users are authenticated using their Active Directory Credentials. I have never create an SSID with certificate authentication that is why i asked the question

Thx again

If that is the case, you don't have to change anything on the Aruba side. The 802.1x setup is the same. You can even reuse the same 802.1x SSID if you want.

To add EAP-TLS configuration (assuming you already have a CA configured) you need to:

1. Change your Wireless LAN Remote Access policy on the NPS so that it allows "smartcard or certificate" instead of or in addition to PEAP